diff options
| author | Bram Moolenaar <Bram@vim.org> | 2017-02-18 16:59:02 +0100 |
|---|---|---|
| committer | Bram Moolenaar <Bram@vim.org> | 2017-02-18 16:59:02 +0100 |
| commit | c525e3a1c20f6b5d9809c8b84f80090a8e416c92 (patch) | |
| tree | 97e0b308f04483514caeb9fe18027583d3fae376 | |
| parent | 3df0173fa6d0418e89ef4e9c1d04a97c92eec27c (diff) | |
| download | vim-git-c525e3a1c20f6b5d9809c8b84f80090a8e416c92.tar.gz | |
patch 8.0.0337: invalid memory access in :recover commandv8.0.0337
Problem: Invalid memory access in :recover command.
Solution: Avoid access before directory name. (Dominique Pelle,
closes #1488)
| -rw-r--r-- | src/Makefile | 1 | ||||
| -rw-r--r-- | src/memline.c | 12 | ||||
| -rw-r--r-- | src/testdir/test_alot.vim | 1 | ||||
| -rw-r--r-- | src/testdir/test_recover.vim | 14 | ||||
| -rw-r--r-- | src/version.c | 2 |
5 files changed, 26 insertions, 4 deletions
diff --git a/src/Makefile b/src/Makefile index 52c74f20e..b5d39ec2c 100644 --- a/src/Makefile +++ b/src/Makefile @@ -2177,6 +2177,7 @@ test_arglist \ test_pyx2 \ test_pyx3 \ test_quickfix \ + test_recover \ test_regexp_latin \ test_regexp_utf8 \ test_reltime \ diff --git a/src/memline.c b/src/memline.c index 5874b5d69..df799b1b2 100644 --- a/src/memline.c +++ b/src/memline.c @@ -1863,8 +1863,10 @@ recover_names( else { #if defined(UNIX) || defined(WIN3264) - p = dir_name + STRLEN(dir_name); - if (after_pathsep(dir_name, p) && p[-1] == p[-2]) + int len = STRLEN(dir_name); + + p = dir_name + len; + if (after_pathsep(dir_name, p) && len > 1 && p[-1] == p[-2]) { /* Ends with '//', Use Full path for swap name */ tail = make_percent_swname(dir_name, fname_res); @@ -3922,8 +3924,10 @@ makeswapname( #endif #if defined(UNIX) || defined(WIN3264) /* Need _very_ long file names */ - s = dir_name + STRLEN(dir_name); - if (after_pathsep(dir_name, s) && s[-1] == s[-2]) + int len = STRLEN(dir_name); + + s = dir_name + len; + if (after_pathsep(dir_name, s) && len > 1 && s[-1] == s[-2]) { /* Ends with '//', Use Full path */ r = NULL; if ((s = make_percent_swname(dir_name, fname)) != NULL) diff --git a/src/testdir/test_alot.vim b/src/testdir/test_alot.vim index d43ae4f1b..ef0edc742 100644 --- a/src/testdir/test_alot.vim +++ b/src/testdir/test_alot.vim @@ -34,6 +34,7 @@ source test_messages.vim source test_partial.vim source test_popup.vim source test_put.vim +source test_recover.vim source test_reltime.vim source test_searchpos.vim source test_set.vim diff --git a/src/testdir/test_recover.vim b/src/testdir/test_recover.vim new file mode 100644 index 000000000..aa291b129 --- /dev/null +++ b/src/testdir/test_recover.vim @@ -0,0 +1,14 @@ +" Test :recover + +func Test_recover_root_dir() + " This used to access invalid memory. + split Xtest + set dir=/ + call assert_fails('recover', 'E305:') + close! + + call assert_fails('split Xtest', 'E303:') + set dir& +endfunc + +" TODO: move recover tests from test78.in to here. diff --git a/src/version.c b/src/version.c index df77e82c7..73f99290b 100644 --- a/src/version.c +++ b/src/version.c @@ -765,6 +765,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 337, +/**/ 336, /**/ 335, |